artlounge-reorder-mcp

v0.1.0 suspicious
6.0
Medium Risk

Art Lounge reorder intelligence — CLI + MCP server wrapping the dashboard's API.

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package exhibits elevated risks related to shell and credential handling, suggesting potential vulnerabilities that could be exploited. However, without clear malicious intent, it remains classified as suspicious.

  • Elevated shell risk due to command execution
  • High credential risk indicating potential harvesting activities
Per-check LLM notes
  • Network: The use of HTTP requests to an external server and token handling suggests potential data transmission, which could be benign but also indicative of unauthorized data exfiltration.
  • Shell: Executing commands via subprocess can be risky if not properly sanitized, potentially allowing for arbitrary command execution which could lead to system compromise.
  • Obfuscation: No signs of obfuscation detected.
  • Credentials: The observed patterns suggest potential credential harvesting activities.
  • Metadata: The package shows low maintenance and metadata quality, but lacks clear indicators of malicious intent.

📦 Package Quality Overall: Low (3.6/10)

✦ High Test Suite 9.0

Test suite present — 35 test file(s) found

  • Test runner config found: pyproject.toml
  • 35 test file(s) detected (e.g. test_auth.py)
○ Low Documentation 1.0

No documentation detected

  • No documentation URL, doc files, or meaningful description found
○ Low Contributing Guide 2.0

No contributing guide or governance files found

  • No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found
◈ Medium Type Annotations 5.0

Partial type annotation coverage

  • 99 type-annotated function signatures detected in source
○ Low Multiple Contributors 1.0

Unable to verify contributor count: no GitHub repository found

  • No GitHub repository linked — contributor count unavailable

🔬 Heuristic Checks

Outbound Network Calls score 9.0

Found 6 network call pattern(s)

  • .token}" self._http = httpx.Client( base_url=self.creds.base_url.rstrip("/"),
  • ip("/") try: with httpx.Client(timeout=DEFAULT_TIMEOUT) as http: response = htt
  • respx mocks. """ r = httpx.post( f"{local_api_server}/api/auth/login", json=
  • ubprocess on Windows. r = httpx.post( f"{local_api_server}/api/auth/login", json=
  • ath as VAL-CROSS-005. r = httpx.post( f"{local_api_server}/api/auth/login", json=
  • creds_root.mkdir() r = httpx.post( f"{local_api_server}/api/auth/login", json=
Code Obfuscation

No obfuscation patterns detected

Shell / Subprocess Execution score 10.0

Found 5 shell execution pattern(s)

  • anything" cli_proc = subprocess.run( [str(reorder_exe), "brand", "list", "--json"],
  • t is empty. jq_proc = subprocess.run( [jq, "-e", "."], input=cli_proc.std
  • _cli_env(tmp_path) proc = subprocess.run( [_reorder_exe(), "whoami"], env=env, captur
  • -for-network-test" proc = subprocess.run( [_reorder_exe(), "brand", "list"], env=env,
  • tdout, stderr).""" proc = subprocess.run( [reorder_exe, "whoami"], env=env, capture_o
Credential Harvesting score 5.0

Found 2 credential access pattern(s)

  • rue)`` on Windows calls ``getpass.getpass()`` which reads from the console via ``msvcrt.getwch()``
  • ut=True)`` on Windows calls ``getpass.getpass()`` which reads from the console via ``msvcrt.getwch()`` and
Typosquatting

No typosquatting candidates detected

Registered Email Domain

No author email provided

Suspicious Page Links

All external links appear legitimate

Git Repository History

No GitHub repository linked

  • No GitHub repository link found
Maintainer History score 6.0

3 maintainer concern(s) found

  • Only one version has ever been released — brand new package
  • Author "Art Lounge India" appears to have only 1 package on PyPI (new or inactive account)
  • Package has no PyPI classifiers (low effort / metadata quality)
Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with artlounge-reorder-mcp 
Create a mini-application called 'ArtLounge Organizer' using the 'artlounge-reorder-mcp' Python package. This application will serve as a command-line interface (CLI) tool that allows users to manage their artworks in an online gallery more efficiently. The app should interact with the Art Lounge dashboard's API through the MCP server provided by the package.

Step 1: Setup the Project Environment
- Initialize a new Python project.
- Install the 'artlounge-reorder-mcp' package.
- Set up the necessary configuration files for accessing the MCP server.

Step 2: Define Core Features
- **List Artworks**: Retrieve and display a list of all artworks in the user's gallery.
- **Filter Artworks**: Allow users to filter artworks based on categories such as artist, genre, or date.
- **Reorder Artworks**: Provide functionality to change the order of artworks within the gallery.
- **Add New Artwork**: Implement a feature to upload new artworks into the gallery.
- **Delete Artwork**: Include an option to remove artworks from the gallery.

Step 3: Enhance User Experience
- Integrate a simple command parser to handle user inputs.
- Display results in a readable format.
- Add error handling to manage issues like incorrect commands or API errors gracefully.

Step 4: Test the Application
- Write test cases to ensure each feature works as expected.
- Use mock data to simulate different scenarios and edge cases.

How to Utilize 'artlounge-reorder-mcp':
- Use the package's CLI commands to interact with the MCP server.
- Leverage the provided functions to send requests to the Art Lounge dashboard's API.
- Handle responses appropriately to update the local state of the application and reflect changes in the gallery.

💬 Discussion Feed

Leave a comment

No discussion yet. Be the first to share your thoughts!